Netgate Discussion Forum

    Multi-WAN setup

    Routing and Multi WAN

      cyberbushi

      I have two WAN interfaces link bounded: WAN: 192.168.1.1 and WAN2: 192.168.2.1. They are set up as gateway WEB.

      I have two extra interfaces, LAN: 192.168.3.1 and WDMZ: 172.16.1.1.

      I can access the internet from the LAN interface but not WDMZ.

      I have allowed access from the WDMZ to the Web gateway, WDMZ to WAN and WDMZ to WAN2, but I still can't access the internet. Not sure what I am doing wrong.

      Any help would be great!!! Thanks

        phil.davis

        It sounds like your WDMZ rules are just allowing access to WANnet, WAN2net. That will only let you get to your WAN devices to configure them! To access the whole internet you need destination any in the rule.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          cyberbushi

          Just tried it, that didn't work… I've allowed WDMZ through the WAN and WAN2 interfaces and still no access?

            georgeman

            Looks like you are missing the proper Outbound NAT config. In these cases, most times you have to set it up manually. The idea is to create a rule on each WAN interface for each LAN segment you want to allow access.

            https://doc.pfsense.org/index.php/Outbound_NAT

            If it ain't broke, you haven't tampered enough with it

              cyberbushi

              Reviewing my fw logs, it looks like traffic is getting blocked on the WDMZ interface… but there are no rules preventing traffic on this interface? Any ideas?

                phil.davis

                Everything is blocked by default on extra interfaces (and on WAN). LAN is the only interface that is given a pass rule in the factory default setup. You need to add pass rules on WDMZ to allow the traffic initiated from WDMZ to be accepted by the firewall.
                If you are confused, then post the rules that you have on each of your interfaces.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
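
The rule behaviour described in the two replies above (default deny on extra interfaces, and "WAN net" as a destination not covering the internet), as an added example that is not part of the original posts and not pfSense code. The interface addresses come from the first post; the /24 masks, the host addresses and the `Rule`/`evaluate` names are assumptions, and the model covers only the filter rules on the WDMZ interface, not Outbound NAT.

```python
import ipaddress
from dataclasses import dataclass

# Interface IPs are from the first post; the /24 masks are an assumption.
NETS = {
    "WAN net":  ipaddress.ip_network("192.168.1.0/24"),
    "WAN2 net": ipaddress.ip_network("192.168.2.0/24"),
    "LAN net":  ipaddress.ip_network("192.168.3.0/24"),
    "WDMZ net": ipaddress.ip_network("172.16.1.0/24"),
    "any":      ipaddress.ip_network("0.0.0.0/0"),
}

@dataclass
class Rule:              # hypothetical, simplified rule: action + source + destination
    action: str          # "pass" or "block"
    src: str
    dst: str

def evaluate(rules, src_ip, dst_ip):
    """Rules on the ingress interface are checked top-down; first match wins.
    Traffic that matches nothing hits the implicit default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for number, rule in enumerate(rules, 1):
        if src in NETS[rule.src] and dst in NETS[rule.dst]:
            return rule.action, f"rule {number}"
    return "block", "default deny"

# Candidate rule sets for the WDMZ interface tab (constructed).
NO_RULES      = []
WAN_NETS_ONLY = [Rule("pass", "WDMZ net", "WAN net"),
                 Rule("pass", "WDMZ net", "WAN2 net")]
DEST_ANY      = [Rule("pass", "WDMZ net", "any")]
DMZ_ISOLATED  = [Rule("block", "WDMZ net", "LAN net"),   # must sit above the pass rule
                 Rule("pass", "WDMZ net", "any")]

DMZ_HOST, LAN_HOST = "172.16.1.10", "192.168.3.50"       # constructed hosts
WAN_DEVICE, INTERNET = "192.168.1.1", "203.0.113.10"     # 203.0.113.0/24 is a documentation range

if __name__ == "__main__":
    for name, rules in [("no rules", NO_RULES), ("WAN nets only", WAN_NETS_ONLY),
                        ("destination any", DEST_ANY), ("DMZ isolated", DMZ_ISOLATED)]:
        for label, dst in [("WAN device", WAN_DEVICE), ("internet", INTERNET), ("LAN host", LAN_HOST)]:
            print(f"{name:16} -> {label:10} {evaluate(rules, DMZ_HOST, dst)}")
```

With a single "destination any" pass rule the DMZ host also reaches the LAN host, which is why the last rule set puts a block for LAN net above it.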

                  fern148

                  Hello, Phil, :)

                  I'm having the same problem. Did you find a solution?
                  Could you help me, please?

                  thank you
                  Fernando Silveira

                    georgeman

                    The cause of the issue originally posted was probably misconfigured firewall rules (he never confirmed, though).

                    Post the rules you have, describe your situation and we will help you :)

                    If it ain't broke, you haven't tampered enough with it

                      fern148

                      Good morning George/all,

                      Sorry for my English,

                      I have installed pfSense 2.1-RELEASE (amd64), recently acquired over a dedicated link. The second WAN2 is working almost perfectly rsrsr. If I have a machine configured for the rule to use the pfSense WAN2 the GATEWAY, I browse the internet, access my 10.0.0.0/24 network (lan) without problem. MOST can not access the DMZ (10.0.1.0/24).

                      1. Running ping 10.0.1.1, Interface DMZ pfsense, it responds.
                      2. Any other machine on the DMZ does not respond
                      3. I found that running traceroute to a machine in the DMZ, it is routed to the internet.

                      Interface DMZ only two rules

                      DMZ  net access all
                      LAN net access DMZ net

                      [2.1-RELEASE][root@router]/root(7): netstat -rn
                      Routing tables

                      Internet:
                      Destination        Gateway            Flags   Refs        Use  Netif Expire
                      default            200.Y.Y.41         UGS        0   55473923  fxp0
                      10.0.0.0/24        link#3             U          0  190866678  em0
                      10.0.0.1           link#3             UHS        0          0  lo0
                      10.0.1.0/24        link#4             U          0  151524091  em1
                      10.0.1.1           link#4             UHS        0          0  lo0
                      10.0.5.0/24        10.0.5.2           UGS        0     621765  ovpns1
                      10.0.5.1           link#15            UHS        0          0  lo0
                      10.0.5.2           link#15            UH         0          0  ovpns1
                      10.0.6.1           link#16            UHS        0          0  lo0
                      10.0.6.2           link#16            UH         0          0  ovpns2
                      127.0.0.1          link#11            UH         0          1  lo0
                      177.X.X.X/29       link#2             U          0         61  fxp1
                      177.X.X.202        link#2             UHS        0          1  lo0
                      192.168.1.0/24     link#3             U          0     207471  em0
                      192.168.1.250      link#3             UHS        0          0  lo0
                      192.168.3.0/24     10.0.6.2           UGS        0    5096955  ovpns2
                      200.Y.Y.Y/29       link#1             U          0          0  fxp0
                      200.Y.Y.42         link#1             UHS        0          0  lo0
                      200.Y.Y.225        200.Y.Y.41         UGHS       0     341792  fxp0

                      If someone can give me an idea, thanks
                      Thank you, Georgeman

                      Hug
                      Fernando Silveira

                        georgeman

                        So you cannot access DMZ from the machine that connects through WAN2?

                        It looks like you have specified a gateway for your LAN interface. Make sure the LAN gateway is set to "None".

                        Also, you don't need rules on the DMZ for this, and you shouldn't have any! The idea of a DMZ is that its devices cannot access the devices on LAN, right? The only rules on DMZ should be the ones that allow its devices to access the internet, if necessary.

                        Do you speak Spanish? If that's the case, post in the Spanish forum, I'll help you (I'm from Argentina)

                        If it ain't broke, you haven't tampered enough with it

                          cyberbushi

                          Enclosed are my rules, not understanding what I'm doing wrong… I can't put all screenshots...

                          2013-10-13-185839_1024x768_scrot.png
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.